package com.ltedu.config;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

/**
 * @ClassName: SecuritySecureConfig
 * @Auther: Jerry
 * @Date: 2020/11/11 11:36
 * @Desctiption: TODO
 * @Version: 1.0
 */
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setTargetUrlParameter("redirectTo");
        handler.setDefaultTargetUrl(adminContextPath + "/");
        http.authorizeRequests().
                // 配置所有静态资源和登录页可以公开访问
                antMatchers(adminContextPath + "/assets/**").permitAll().
                antMatchers(adminContextPath + "/login/**").permitAll().
                anyRequest().authenticated().and().
                // 2.配置登录和登出路径
                formLogin().loginPage(adminContextPath + "/login").successHandler(handler).and().
                logout().logoutUrl(adminContextPath + "/logout").and().
                // 3.开启http basic支持，admin-client注册时需要使用
                httpBasic().and().csrf().
                // 4.开启基于cookie的csrf保护
                csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).
                // 5.忽略这些路径的csrf保护以便admin-client注册
                ignoringAntMatchers(adminContextPath + "/instances",
                        adminContextPath + "/actuator/**");
    }
}
